WordPress Plugin Vulnerabilities

Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download

Description

The lack of authorisation checks in the handle_downloads() function, hooked to admin_init() could allow unauthenticated users to download arbitrary files from the blog using a path traversal payload.

Proof of Concept

Affects Plugins

Plugin icon
product-input-fields-for-woocommerce
Fixed in 1.2.7

References

CVE
CVE-2020-36696
URL
https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
Yes
WPVDB ID
15f345e6-fc53-4bac-bc5a-de898181ea74

Timeline

Publicly Published
2020-08-03 (about 5 years ago)
Added
2020-08-03 (about 5 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2024-05-14
Title
Password Protected < 2.6.7 - Missing Authorization to Sensitive Information Exposure
Published
2021-02-05
Title
Ultimate GDPR & CCPA Compliance Toolkit < 2.5 - Unauthenticated Plugin Settings Export and Import
Published
2024-04-26
Title
Analytify < 5.2.4 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification
Published
2021-11-03
Title
Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Options Reset
Published
2022-02-11
Title
Email Subscribers & Newsletters < 5.3.2 - Unauthenticated arbitrary option update